US7802104B2 (expired utility patent) · PatentIndex 98

Context sensitive dynamic authentication in a cryptographic system

Assignee: SECURITY FIRST CORP
Priority: Sep 20, 1999
Filed: Aug 16, 2007
Granted: Sep 21, 2010
Est. expiry: Sep 20, 2019 (expired) · nominal 20-yr term from priority
Inventors: DICKINSON ALEXANDER G; BERGER BRIAN; DOBSON ROBERT T JR
Classifications: H04L 9/3226; G06Q 20/4016; H04L 2463/082; H04L 2209/56; H04L 2209/805; H04L 9/3297; G06Q 20/4014; H04L 63/0428; H04L 63/08; H04L 63/10; H04W 12/67
PatentIndex Score: 98 · Cited by: 200 · References: 105 · Claims: 24

Abstract

A system for performing authentication of a first user to a second user includes the ability for the first user to submit multiple instances of authentication data which are evaluated and then used to generate an overall level of confidence in the claimed identity of the first user. The individual authentication instances are evaluated based upon: the degree of match between the user provided by the first user during the authentication and the data provided by the first user during his enrollment; the inherent reliability of the authentication technique being used; the circumstances surrounding the generation of the authentication data by the first user; and the circumstances surrounding the generation of the enrollment data by the first user. This confidence level is compared with a required trust level which is based at least in part upon the requirements of the second user, and the authentication result is based upon this comparison.

Claims

exact text as granted — not AI-modified
1. An article of manufacture comprising:
 a non-transitory computer readable storage medium comprising instructions, said instructions comprising instructions for: obtaining first circumstantial data during a first authentication attempt by a first user; storing said first circumstantial data; obtaining second circumstantial data during a second authentication attempt by a second user; obtaining authorization data during said second authentication attempt by said second user; comparing said second circumstantial data to said stored first circumstantial data; and assigning a level of trust to said second user.

2. The article of manufacture of claim 1, wherein said first user attempts said first authorization from a first location, and said second user attempts said second authorization from a second location, which is separate and distinct from said first location.

3. The article of manufacture of claim 1, wherein said first user and said second user are the same user.

4. The article of manufacture of claim 1, wherein said first authentication attempt is successful.

5. The article of manufacture of claim 2, wherein a session is created after said successful first authentication attempt and said session is closed prior to said second authentication attempt.

6. The article of manufacture of claim 1, wherein said circumstantial data is data describing one or more aspects of the current circumstances surrounding the authentication attempt with which it is associated.

7. The article of manufacture of claim 6, wherein said circumstantial data comprises one or more datum selected from the group consisting of the user's processor serial number, the user's IP address, the type of network the user is connected to, or a time stamp associated with each authorization attempt.

8. The article of manufacture of claim 1, wherein assigning said level of trust to said second user comprises examining the results of said comparison of said second circumstantial data to said stored first circumstantial data.

9. The article of manufacture of claim 1, wherein said authorization data is generated using one or more of one or more authorization techniques.

10. The article of manufacture of claim 9, wherein said authorization technique is one or more authorization techniques selected from the group consisting of fingerprint analysis, password comparison, and smart card identification.

11. The article of manufacture of claim 9, wherein each of said one or more authorization techniques is assigned a reliability index based upon the inherent reliability of that technique.

12. The article of manufacture of claim 1, wherein assigning said level of trust to said second user comprises examining the reliability indexes of the one or more authentication techniques used to generate said authentication data.

13. An apparatus for graded user authentication over a network comprising:
 first circumstantial data;
 second circumstantial data;
 authorization data; and
 a trust engine;
 wherein said first circumstantial data is obtained during a first authentication attempt by a first user;
 wherein said second circumstantial data is obtained during a second authentication attempt by a second user;
 wherein said authorization data is obtained during said second authentication attempt by said second user; and
 wherein a trust engine assigns a level of trust to said second user.

14. The apparatus claim 13, wherein said first user attempts said first authorization from a first location, and said second user attempts said second authorization from a second location, which is separate and distinct from said first location.

15. The apparatus of claim 13, wherein said first user and said second user are the same user.

16. The apparatus of claim 13, wherein said first authentication attempt is successful.

17. The apparatus of claim 14, wherein a session is created after said successful first authentication attempt and said session is closed prior to said second authentication attempt.

18. The apparatus of claim 13, wherein said circumstantial data is data describing one or more aspects of the current circumstances surrounding the authentication attempt with which it is associated.

19. The apparatus of claim 18, wherein said circumstantial data comprises one or more datum selected from the group consisting of the user's processor serial number, the user's IP address, the type of network the user is connected to, or a time stamp associated with each authorization attempt.

20. The apparatus of claim 13, wherein assigning said level of trust to said second user comprises examining the results of said comparison of said second circumstantial data to said stored first circumstantial data.

21. The apparatus of claim 13, wherein said authorization data is generated using one or more of one or more authorization techniques.

22. The apparatus of claim 21, wherein said authorization technique is one or more authorization techniques selected from the group consisting of fingerprint analysis, password comparison, and smart card identification.

23. The apparatus of claim 21, wherein each of said one or more authorization techniques is assigned a reliability index based upon the inherent reliability of that technique.

24. The apparatus of claim 13, wherein assigning said level of trust to said second user comprises examining the reliability indexes of the one or more authentication techniques used to generate said authentication data.
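The abstract and claims 1, 7 and 11 describe a trust engine that stores circumstantial data (IP address, network type, processor serial) from a first attempt, compares it against a later attempt, weights each authentication instance by the inherent reliability of its technique and its degree of match, and compares the resulting confidence with a trust level the relying party requires. The sketch below is an added illustration, not code from the patent or its assignee; the reliability indexes, the 0.7..1.0 circumstantial factor and the evidence-combining formula are constructed choices, not values the patent specifies.

```python
from dataclasses import dataclass

# Constructed reliability indexes per technique (claim 11 only says each
# technique gets one; these numbers are an assumption for the example).
RELIABILITY = {"password": 0.5, "smart_card": 0.7, "fingerprint": 0.9}
CIRCUMSTANTIAL_FIELDS = ("ip", "network", "cpu_serial")  # claim 7 data


@dataclass(frozen=True)
class Circumstances:
    ip: str
    network: str      # e.g. "corporate" or "public"
    cpu_serial: str


@dataclass(frozen=True)
class AuthInstance:
    technique: str    # key into RELIABILITY
    match: float      # degree of match against enrollment data, 0..1
    circumstances: Circumstances


class TrustEngine:
    def __init__(self, reliability=RELIABILITY):
        self.reliability = reliability
        self.history = {}  # user -> circumstantial data stored from last success

    def circumstantial_factor(self, user, now):
        """Scale 0.7..1.0 by how many stored circumstances the attempt matches."""
        prior = self.history.get(user)
        if prior is None:
            return 0.8  # no baseline yet: mild discount (assumed policy)
        same = sum(getattr(prior, f) == getattr(now, f) for f in CIRCUMSTANTIAL_FIELDS)
        return 0.7 + 0.1 * same

    def confidence(self, user, instances):
        """Combine instances as independent evidence: 1 - prod(1 - score_i)."""
        miss = 1.0
        for inst in instances:
            score = (self.reliability[inst.technique] * inst.match
                     * self.circumstantial_factor(user, inst.circumstances))
            miss *= 1.0 - score
        return 1.0 - miss

    def authenticate(self, user, instances, required_trust):
        """Return (granted, confidence); on success store the circumstances."""
        conf = self.confidence(user, instances)
        granted = conf >= required_trust
        if granted:
            self.history[user] = instances[-1].circumstances
        return granted, round(conf, 3)
```

A second factor from a familiar device and network lifts confidence well above a password alone, while the same two factors presented from an unfamiliar address and network fall short of a stricter required trust level.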
